SecurityTracker.com
SecurityTracker
Archives
Category: Application (Web Server/CGI) > Son hServer
Vendors: Shmelyov, Mikhail
Son hServer Web Server Input Validation Flaw Lets Remote Users View Arbitrary Files on the System
SecurityTracker Alert ID:  1006874
CVE Reference: CAN-2003-0417
Updated:  Jan 20 2004
Original Entry Date:  May 29 2003
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Advisory:  Damage Hacking Group
Version(s): 0.2
Description: A vulnerability was reported in the 'Son hServer' web server. A remote user can traverse directories on the server.

Damage Hacking Group reported that a remote user can supply a specially crafted HTTP request to view files on the server that are located outside of the web root directory.

According to the report, the software does not properly filter user-supplied input. In particular, the '|' (pipe) character is not filtered from request paths. A remote user can craft URLs containing this character to traverse the directory structure and reach files outside the web root.

A demonstration exploit URL is provided:

http://[server]/.|./

Impact:  A remote user can view arbitrary files on the system.
Solution:  No solution was available at the time of this entry.
Vendor URL: super-m.narod.ru/
Cause:  Input validation error
Underlying OS:  Windows (Any)
Reported By:  D4rkGr3y <grey_1999@mail.ru>
Message History:   None.
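The defect described above is a blocklist-style input filter that leaves one separator variant unhandled. The usual fix is to decide on the canonical, percent-decoded path, accept only segments from a strict allowlist, and then confirm that the resolved path still lies inside the web root. The following Python is an added example written for this entry; it is not the Son hServer code, and nothing about the vendor's implementation is known from the page. The web root path and the access-log lines are constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

# Constructed web root for the example (assumed path, not taken from the advisory).
WEB_ROOT = os.path.realpath("/var/www/htdocs")

# Allowlist: a single path segment may contain only these characters.
# '|', '\\', ':' and other separator-like characters are refused outright,
# so the '.|.' segment from the advisory never reaches the filesystem layer.
SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9._-]+$")


def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Map a URL path to a filesystem path, or return None if it must be refused.

    Two independent checks are applied:
      1. every percent-decoded segment must match SAFE_SEGMENT and must not be
         '.' or '..' (validation happens on the decoded form, so '%7C' is
         judged the same way as a literal '|');
      2. the resolved path must remain inside web_root, which guards against
         normalisation behaviour the allowlist did not anticipate.
    """
    decoded = unquote(url_path.split("?", 1)[0])
    segments = [s for s in decoded.split("/") if s != ""]
    for seg in segments:
        if seg in (".", "..") or not SAFE_SEGMENT.match(seg):
            return None
    candidate = os.path.realpath(os.path.join(web_root, *segments))
    if os.path.commonpath([web_root, candidate]) != web_root:
        return None
    return candidate


# Constructed access-log lines in common log format; the second and third
# requests use the traversal pattern quoted in the advisory, literal and
# percent-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [29/May/2003:16:10:50 -0700] "GET /index.html HTTP/1.0" 200 512
10.0.0.9 - - [29/May/2003:16:11:02 -0700] "GET /.|./ HTTP/1.0" 200 2048
10.0.0.9 - - [29/May/2003:16:11:07 -0700] "GET /.%7C./ HTTP/1.0" 200 2048
10.0.0.7 - - [29/May/2003:16:12:00 -0700] "GET /images/logo.gif HTTP/1.0" 200 4096
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[0-9.]+"')


def flag_suspicious_requests(log_text):
    """Return the request paths in log_text that resolve_request_path() refuses.

    Reusing the server-side validator for log review means the detector and
    the enforcement point agree on what counts as a malformed path.
    """
    flagged = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and resolve_request_path(m.group("path")) is None:
            flagged.append(m.group("path"))
    return flagged


if __name__ == "__main__":
    for path in ("/index.html", "/.|./", "/.%7C./", "/../"):
        print(f"{path!r:14} -> {resolve_request_path(path)}")
    print("flagged:", flag_suspicious_requests(SAMPLE_LOG))
```

Note that the allowlist rejects the pipe character as a side effect of refusing everything that is not a plain filename character, rather than by naming it; a blocklist that had added '|' after this report would still be exposed to the next separator the parser happens to accept.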


 Source Message Contents

Date:  Thu, 29 May 2003 16:10:50 -0700
From:  D4rkGr3y <grey_1999@mail.ru>
Subject:  Son hServer v0.2: directory traversal

 

-----BEGIN PGP SIGNED MESSAGE-----

################################################################
#                     _____   __   __  ___                     #
#             ........\    \.|  |.|  |/   \........            #
#             :       /     \|  | |  |   __>      :            #
#             :      /   _   \  |_|  |  / __      :            #
#             :     /    /    \      | <_/  \     :            #
#             :..../   _/     /  _   |   `   \....:            #
#                : \_________/__| |__|_______/ :               #
#                :   Damage   Hacking   Group  :               #
#                :      Security  Advisory     :               #
#                :.............................:               #
#                                                              #
#                     http://www.dhgroup.org                   #
#b                                                            d#
##b,________________________________________________________.d##
|                                                              |
  Product: Son hServer v0.2
  Authors: super-m.narod.ru
| Vulnerability: directory traversal                           |
#--------------------------------------------------------------#
| Overview:                                                    |
  ~~~~~~~~~

  Small Russian HTTP server
|                                                              |
#--------------------------------------------------------------#
| Problem:                                                     |
  ~~~~~~~~

  This server doesn't filter the "|" (slash) symbol.
|                                                              |
#--------------------------------------------------------------#
| Exploit:                                                     |
  ~~~~~~~~

  Type in your browser: "http://[server]/.|./" and enjoy ;)
|                                                              |
#--------------------------------------------------------------#
| :wow:                                                        |
  www.dhgroup.org -=> opened English version! Come on in :)
   ~~~
   NeKr0 /DHG                                 www.dhgroup.org
|                                                              |
#______________________________________________________________#
 \___________________________da_end___________________________/
 

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPtaTcm4LIpseSJmPAQGULAP8Cwy21KIFzkUd+OxQBkO8cReTtn2xLo/k
r/N6wSvMCXk3LKqrLAh+pdHXt76rqX9zI5z2nwrV8P05S4DYtlFSGPDMiCFEyQ/u
LZwRs6HiuF3A0DBph9AXAJEfNZfUsX9M619kLk1RTK22T0GqcsPG+fZCh8RBdCBp
/zIvGD+T5gc=
=it5C
-----END PGP SIGNATURE-----



Copyright 2004, SecurityGlobal.net LLC